Bug 2461544 (CVE-2026-31644)
| Summary: | CVE-2026-31644 kernel: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | rhel-process-autobot, watson-tool-maintainers |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in the Linux kernel's `lan966x` network driver. When the `lan966x_fdma_reload()` function encounters an error during the allocation of new receive (RX) buffers, it can lead to a use-after-free condition. This occurs because the system may attempt to restart Direct Memory Access (DMA) operations using memory pages that have already been released. Consequently, the hardware might write data into memory regions that are now allocated to other kernel components, potentially causing memory corruption. This could enable a local attacker to achieve privilege escalation or trigger a system crash (Denial of Service).
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-24 15:07:39 UTC
|